Hi,
This is my second time that I'm reinstalling my server because of malicous attacks
So please can you give me tips on how to secure my linode.
I'll be using ubuntu 12.04 LTS.
Thank you

First lock down ssh

make sure root is unable to log in

set up public keys and turn off password log ins this is where I would start

How did they get in? How do you know that you were attacked?

Yes I'd be interested to know how you know too?

-Don't use password authentication for SSH.
-Keep updated. If possible, get on mailing lists for applications you use (Apache, PHP). Follow various vulnerability databases. If you are unable to do this, run an update script every day.
-If you use a webserver there are many things to do to lock it down. Use something like the PHP Suhosin patch to limit the functions that can be used together. Lock down the combination of eval() and base64_decode() in a function in PHP. This will help guard against a LOT of issues.

I run updates everyday and also I have a IDS (ossec) system running that emails me any issues in real time.

Just to add to your post

Assuming your problem is SSH-related:

http://www.wolfpaw.co.uk/2012/03/securing-a-linux-vps/

How does that work out for you? I tried running snort as IDS as well as a port monitor, and ended up flooded with a ton of stuff. I don't have the knowledge to really set up a good ids setup and then to set up something else to monitor, so if I could get something like a daily logwatch email that tells me what I need, it'd be nice.

_________________
Take care,
Ty